1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.util.GetterUtil;
29  import com.liferay.portal.kernel.util.Validator;
30  import com.liferay.portal.model.Group;
31  import com.liferay.portal.model.OrgGroupPermission;
32  import com.liferay.portal.model.Organization;
33  import com.liferay.portal.model.Permission;
34  import com.liferay.portal.model.Resource;
35  import com.liferay.portal.model.ResourceCode;
36  import com.liferay.portal.model.ResourceConstants;
37  import com.liferay.portal.model.Role;
38  import com.liferay.portal.model.User;
39  import com.liferay.portal.model.UserGroup;
40  import com.liferay.portal.security.permission.PermissionCacheUtil;
41  import com.liferay.portal.security.permission.PermissionCheckerBag;
42  import com.liferay.portal.security.permission.ResourceActionsUtil;
43  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
44  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
45  import com.liferay.portal.util.PropsValues;
46  import com.liferay.portal.util.comparator.PermissionComparator;
47  
48  import java.util.ArrayList;
49  import java.util.Iterator;
50  import java.util.List;
51  
52  import org.apache.commons.lang.time.StopWatch;
53  import org.apache.commons.logging.Log;
54  import org.apache.commons.logging.LogFactory;
55  
56  /**
57   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
58   *
59   * @author Charles May
60   * @author Brian Wing Shun Chan
61   * @author Raymond Augé
62   *
63   */
64  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
65  
66      public Permission addPermission(
67              long companyId, String actionId, long resourceId)
68          throws SystemException {
69  
70          Permission permission = permissionPersistence.fetchByA_R(
71              actionId, resourceId);
72  
73          if (permission == null) {
74              long permissionId = counterLocalService.increment(
75                  Permission.class.getName());
76  
77              permission = permissionPersistence.create(permissionId);
78  
79              permission.setCompanyId(companyId);
80              permission.setActionId(actionId);
81              permission.setResourceId(resourceId);
82  
83              permissionPersistence.update(permission, false);
84          }
85  
86          return permission;
87      }
88  
89      public List<Permission> addPermissions(
90              long companyId, String name, long resourceId,
91              boolean portletActions)
92          throws SystemException {
93  
94          List<Permission> permissions = new ArrayList<Permission>();
95  
96          List<String> actions = null;
97  
98          if (portletActions) {
99              actions =
100                 ResourceActionsUtil.getPortletResourceActions(companyId, name);
101         }
102         else {
103             actions = ResourceActionsUtil.getModelResourceActions(name);
104         }
105 
106         for (int i = 0; i < actions.size(); i++) {
107             String actionId = actions.get(i);
108 
109             Permission permission = addPermission(
110                 companyId, actionId, resourceId);
111 
112             permissions.add(permission);
113         }
114 
115         return permissions;
116     }
117 
118     public void addUserPermissions(
119             long userId, String[] actionIds, long resourceId)
120         throws PortalException, SystemException {
121 
122         User user = userPersistence.findByPrimaryKey(userId);
123 
124         List<Permission> permissions = permissionFinder.findByU_R(
125             userId, resourceId);
126 
127         permissions = getPermissions(
128             user.getCompanyId(), actionIds, resourceId);
129 
130         userPersistence.addPermissions(userId, permissions);
131 
132         PermissionCacheUtil.clearCache();
133     }
134 
135     public List<String> getActions(List<Permission> permissions) {
136         List<String> actions = new ArrayList<String>();
137 
138         Iterator<Permission> itr = permissions.iterator();
139 
140         while (itr.hasNext()) {
141             Permission permission = itr.next();
142 
143             actions.add(permission.getActionId());
144         }
145 
146         return actions;
147     }
148 
149     public List<Permission> getGroupPermissions(long groupId, long resourceId)
150         throws SystemException {
151 
152         return permissionFinder.findByG_R(groupId, resourceId);
153     }
154 
155     public List<Permission> getGroupPermissions(
156             long groupId, long companyId, String name, int scope,
157             String primKey)
158         throws SystemException {
159 
160         return permissionFinder.findByG_C_N_S_P(
161             groupId, companyId, name, scope, primKey);
162     }
163 
164     public List<Permission> getOrgGroupPermissions(
165             long organizationId, long groupId, long resourceId)
166         throws SystemException {
167 
168         return permissionFinder.findByO_G_R(
169             organizationId, groupId, resourceId);
170     }
171 
172     public long getLatestPermissionId() throws SystemException {
173         List<Permission> permissions = permissionPersistence.findAll(
174             0, 1, new PermissionComparator());
175 
176         if (permissions.size() == 0) {
177             return 0;
178         }
179         else {
180             Permission permission = permissions.get(0);
181 
182             return permission.getPermissionId();
183         }
184     }
185 
186     public List<Permission> getPermissions(
187             long companyId, String[] actionIds, long resourceId)
188         throws SystemException {
189 
190         List<Permission> permissions = new ArrayList<Permission>();
191 
192         for (int i = 0; i < actionIds.length; i++) {
193             Permission permission = addPermission(
194                 companyId, actionIds[i], resourceId);
195 
196             permissions.add(permission);
197         }
198 
199         return permissions;
200     }
201 
202     public List<Permission> getRolePermissions(long roleId)
203         throws SystemException {
204 
205         return rolePersistence.getPermissions(roleId);
206     }
207 
208     public List<Permission> getRolePermissions(long roleId, long resourceId)
209         throws SystemException {
210 
211         return permissionFinder.findByR_R(roleId, resourceId);
212     }
213 
214     public List<Permission> getUserPermissions(long userId, long resourceId)
215         throws SystemException {
216 
217         return permissionFinder.findByU_R(userId, resourceId);
218     }
219 
220     public List<Permission> getUserPermissions(
221             long userId, long companyId, String name, int scope, String primKey)
222         throws SystemException {
223 
224         return permissionFinder.findByU_C_N_S_P(
225             userId, companyId, name, scope, primKey);
226     }
227 
228     public boolean hasGroupPermission(
229             long groupId, String actionId, long resourceId)
230         throws SystemException {
231 
232         Permission permission = permissionPersistence.fetchByA_R(
233             actionId, resourceId);
234 
235         // Return false if there is no permission based on the given action
236         // id and resource id
237 
238         if (permission == null) {
239             return false;
240         }
241 
242         return groupPersistence.containsPermission(
243             groupId, permission.getPermissionId());
244     }
245 
246     public boolean hasRolePermission(
247             long roleId, long companyId, String name, int scope,
248             String actionId)
249         throws SystemException {
250 
251         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
252             companyId, name, scope);
253 
254         List<Resource> resources = resourcePersistence.findByCodeId(
255             resourceCode.getCodeId());
256 
257         for (Resource resource : resources) {
258             Permission permission = permissionPersistence.fetchByA_R(
259                 actionId, resource.getResourceId());
260 
261             if (permission != null) {
262                 if (rolePersistence.containsPermission(
263                         roleId, permission.getPermissionId())) {
264 
265                     return true;
266                 }
267             }
268         }
269 
270         return false;
271     }
272 
273     public boolean hasRolePermission(
274             long roleId, long companyId, String name, int scope, String primKey,
275             String actionId)
276         throws SystemException {
277 
278         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
279             companyId, name, scope);
280 
281         Resource resource = resourcePersistence.fetchByC_P(
282             resourceCode.getCodeId(), primKey);
283 
284         if (resource == null) {
285             return false;
286         }
287 
288         Permission permission = permissionPersistence.fetchByA_R(
289             actionId, resource.getResourceId());
290 
291         if (permission == null) {
292             return false;
293         }
294 
295         return rolePersistence.containsPermission(
296             roleId, permission.getPermissionId());
297     }
298 
299     public boolean hasUserPermission(
300             long userId, String actionId, long resourceId)
301         throws SystemException {
302 
303         Permission permission = permissionPersistence.fetchByA_R(
304             actionId, resourceId);
305 
306         // Return false if there is no permission based on the given action
307         // id and resource id
308 
309         if (permission == null) {
310             return false;
311         }
312 
313         return userPersistence.containsPermission(
314             userId, permission.getPermissionId());
315     }
316 
317     public boolean hasUserPermissions(
318             long userId, long groupId, String actionId, long[] resourceIds,
319             PermissionCheckerBag permissionCheckerBag)
320         throws SystemException {
321 
322         StopWatch stopWatch = null;
323 
324         if (_log.isDebugEnabled()) {
325             stopWatch = new StopWatch();
326 
327             stopWatch.start();
328         }
329 
330         int block = 1;
331 
332         // Return false if there are no resources
333 
334         if ((Validator.isNull(actionId)) || (resourceIds == null) ||
335             (resourceIds.length == 0)) {
336 
337             return false;
338         }
339 
340         List<Permission> permissions = permissionFinder.findByA_R(
341             actionId, resourceIds);
342 
343         // Return false if there are no permissions
344 
345         if (permissions.size() == 0) {
346             return false;
347         }
348 
349         // Record logs with the first resource id
350 
351         long resourceId = resourceIds[0];
352 
353         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
354 
355         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
356         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
357         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
358         //List<Group> userUserGroupGroups =
359         //  permissionCheckerBag.getUserUserGroupGroups();
360         List<Group> groups = permissionCheckerBag.getGroups();
361         List<Role> roles = permissionCheckerBag.getRoles();
362 
363         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
364 
365         // Check the organization and community intersection table. Break out of
366         // this method if the user has one of the permissions set at the
367         // intersection because that takes priority.
368 
369         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
370         //  return true;
371         //}
372 
373         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
374 
375         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
376             return hasUserPermissions_1(
377                 userId, actionId, resourceId, permissions, groups, groupId,
378                 stopWatch, block);
379         }
380         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
381             return hasUserPermissions_2(
382                 userId, actionId, resourceId, permissions, groups, groupId,
383                 stopWatch, block);
384         }
385         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
386             return hasUserPermissions_3(
387                 userId, actionId, resourceId, permissions, groups, roles,
388                 stopWatch, block);
389         }
390         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
391             return hasUserPermissions_4(
392                 userId, actionId, resourceId, permissions, groups, roles,
393                 stopWatch, block);
394         }
395         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
396             return hasUserPermissions_5(
397                 userId, actionId, resourceId, permissions, roles, stopWatch,
398                 block);
399         }
400 
401         return false;
402     }
403 
404     public void setGroupPermissions(
405             long groupId, String[] actionIds, long resourceId)
406         throws PortalException, SystemException {
407 
408         Group group = groupPersistence.findByPrimaryKey(groupId);
409 
410         List<Permission> permissions = permissionFinder.findByG_R(
411             groupId, resourceId);
412 
413         for (Permission permission : permissions) {
414             groupPersistence.removePermission(groupId, permission);
415         }
416 
417         permissions = getPermissions(
418             group.getCompanyId(), actionIds, resourceId);
419 
420         groupPersistence.addPermissions(groupId, permissions);
421 
422         PermissionCacheUtil.clearCache();
423     }
424 
425     public void setGroupPermissions(
426             String className, String classPK, long groupId,
427             String[] actionIds, long resourceId)
428         throws PortalException, SystemException {
429 
430         long associatedGroupId = 0;
431 
432         if (className.equals(Organization.class.getName())) {
433             long organizationId = GetterUtil.getLong(classPK);
434 
435             Organization organization =
436                 organizationPersistence.findByPrimaryKey(organizationId);
437 
438             orgGroupPermissionFinder.removeByO_G_R(
439                 organizationId, groupId, resourceId);
440 
441             associatedGroupId = organization.getGroup().getGroupId();
442         }
443         else if (className.equals(UserGroup.class.getName())) {
444             long userGroupId = GetterUtil.getLong(classPK);
445 
446             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
447                 userGroupId);
448 
449             associatedGroupId = userGroup.getGroup().getGroupId();
450         }
451 
452         setGroupPermissions(associatedGroupId, actionIds, resourceId);
453     }
454 
455     public void setOrgGroupPermissions(
456             long organizationId, long groupId, String[] actionIds,
457             long resourceId)
458         throws PortalException, SystemException {
459 
460         Organization organization =
461             organizationPersistence.findByPrimaryKey(organizationId);
462 
463         long orgGroupId = organization.getGroup().getGroupId();
464 
465         List<Permission> permissions = permissionPersistence.findByResourceId(
466             resourceId);
467 
468         for (Permission permission : permissions) {
469             groupPersistence.removePermission(orgGroupId, permission);
470         }
471 
472         permissions = getPermissions(
473             organization.getCompanyId(), actionIds, resourceId);
474 
475         orgGroupPermissionFinder.removeByO_G_R(
476             organizationId, groupId, resourceId);
477 
478         for (Permission permission : permissions) {
479             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
480                 organizationId, groupId, permission.getPermissionId());
481 
482             OrgGroupPermission orgGroupPermission =
483                 orgGroupPermissionPersistence.create(pk);
484 
485             orgGroupPermissionPersistence.update(orgGroupPermission, false);
486         }
487 
488         PermissionCacheUtil.clearCache();
489     }
490 
491     public void setRolePermission(
492             long roleId, long companyId, String name, int scope, String primKey,
493             String actionId)
494         throws PortalException, SystemException {
495 
496         if (scope == ResourceConstants.SCOPE_COMPANY) {
497 
498             // Remove group permission
499 
500             unsetRolePermissions(
501                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
502                 actionId);
503         }
504         else if (scope == ResourceConstants.SCOPE_GROUP) {
505 
506             // Remove company permission
507 
508             unsetRolePermissions(
509                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
510                 actionId);
511         }
512         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
513             throw new NoSuchPermissionException();
514         }
515 
516         Resource resource = resourceLocalService.addResource(
517             companyId, name, scope, primKey);
518 
519         Permission permission = permissionPersistence.fetchByA_R(
520             actionId, resource.getResourceId());
521 
522         if (permission == null) {
523             long permissionId = counterLocalService.increment(
524                 Permission.class.getName());
525 
526             permission = permissionPersistence.create(permissionId);
527 
528             permission.setCompanyId(companyId);
529             permission.setActionId(actionId);
530             permission.setResourceId(resource.getResourceId());
531 
532             permissionPersistence.update(permission, false);
533         }
534 
535         rolePersistence.addPermission(roleId, permission);
536 
537         PermissionCacheUtil.clearCache();
538     }
539 
540     public void setRolePermissions(
541             long roleId, long companyId, String name, int scope, String primKey,
542             String[] actionIds)
543         throws PortalException, SystemException {
544 
545         for (int i = 0; i < actionIds.length; i++) {
546             String actionId = actionIds[i];
547 
548             setRolePermission(
549                 roleId, companyId, name, scope, primKey, actionId);
550         }
551     }
552 
553     public void setRolePermissions(
554             long roleId, String[] actionIds, long resourceId)
555         throws PortalException, SystemException {
556 
557         Role role = rolePersistence.findByPrimaryKey(roleId);
558 
559         List<Permission> permissions = permissionFinder.findByR_R(
560             roleId, resourceId);
561 
562         rolePersistence.removePermissions(roleId, permissions);
563 
564         permissions = getPermissions(
565             role.getCompanyId(), actionIds, resourceId);
566 
567         rolePersistence.addPermissions(roleId, permissions);
568 
569         PermissionCacheUtil.clearCache();
570     }
571 
572     public void setUserPermissions(
573             long userId, String[] actionIds, long resourceId)
574         throws PortalException, SystemException {
575 
576         User user = userPersistence.findByPrimaryKey(userId);
577 
578         List<Permission> permissions = permissionFinder.findByU_R(
579             userId, resourceId);
580 
581         userPersistence.removePermissions(userId, permissions);
582 
583         permissions = getPermissions(
584             user.getCompanyId(), actionIds, resourceId);
585 
586         userPersistence.addPermissions(userId, permissions);
587 
588         PermissionCacheUtil.clearCache();
589     }
590 
591     public void unsetRolePermission(long roleId, long permissionId)
592         throws SystemException {
593 
594         Permission permission = permissionPersistence.fetchByPrimaryKey(
595             permissionId);
596 
597         if (permission != null) {
598             rolePersistence.removePermission(roleId, permission);
599         }
600 
601         PermissionCacheUtil.clearCache();
602     }
603 
604     public void unsetRolePermission(
605             long roleId, long companyId, String name, int scope, String primKey,
606             String actionId)
607         throws SystemException {
608 
609         ResourceCode resourceCode =
610             resourceCodeLocalService.getResourceCode(
611                 companyId, name, scope);
612 
613         Resource resource = resourcePersistence.fetchByC_P(
614             resourceCode.getCodeId(), primKey);
615 
616         if (resource != null) {
617             Permission permission = permissionPersistence.fetchByA_R(
618                 actionId, resource.getResourceId());
619 
620             if (permission != null) {
621                 rolePersistence.removePermission(roleId, permission);
622             }
623         }
624 
625         PermissionCacheUtil.clearCache();
626     }
627 
628     public void unsetRolePermissions(
629             long roleId, long companyId, String name, int scope,
630             String actionId)
631         throws SystemException {
632 
633         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
634             companyId, name, scope);
635 
636         List<Resource> resources = resourcePersistence.findByCodeId(
637             resourceCode.getCodeId());
638 
639         for (Resource resource : resources) {
640             Permission permission = permissionPersistence.fetchByA_R(
641                 actionId, resource.getResourceId());
642 
643             if (permission != null) {
644                 rolePersistence.removePermission(roleId, permission);
645             }
646         }
647 
648         PermissionCacheUtil.clearCache();
649     }
650 
651     public void unsetUserPermissions(
652             long userId, String[] actionIds, long resourceId)
653         throws SystemException {
654 
655         List<Permission> permissions = permissionFinder.findByU_A_R(
656             userId, actionIds, resourceId);
657 
658         userPersistence.removePermissions(userId, permissions);
659 
660         PermissionCacheUtil.clearCache();
661     }
662 
663     protected boolean checkOrgGroupPermission(
664             List<Organization> organizations, List<Group> groups,
665             List<Permission> permissions)
666         throws PortalException, SystemException {
667 
668         for (Permission permission : permissions) {
669             if (checkOrgGroupPermission(organizations, groups, permission)) {
670                 return true;
671             }
672         }
673 
674         return false;
675     }
676 
677     protected boolean checkOrgGroupPermission(
678             List<Organization> organizations, List<Group> groups,
679             Permission permission)
680         throws PortalException, SystemException {
681 
682         // Do not check for an OrgGroupPermission intersection unless there is
683         // at least one organization and one group to check
684 
685         if ((organizations.size() == 0) || (groups.size() == 0)) {
686             return false;
687         }
688 
689         // Do not check unless the OrgGroupPermission intersection contains at
690         // least one permission
691 
692         List<OrgGroupPermission> orgGroupPermissions =
693             orgGroupPermissionPersistence.findByPermissionId(
694                 permission.getPermissionId());
695 
696         if (orgGroupPermissions.size() == 0) {
697             return false;
698         }
699 
700         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
701             if (orgGroupPermission.containsOrganization(organizations) &&
702                 orgGroupPermission.containsGroup(groups)) {
703 
704                 return true;
705             }
706         }
707 
708         // Throw an exception so that we do not continue checking permissions.
709         // The user has a specific permission given in the OrgGroupPermission
710         // intersection that prohibits him from going further.
711 
712         throw new NoSuchPermissionException(
713             "User has a permission in OrgGroupPermission that does not match");
714     }
715 
716     protected boolean hasUserPermissions_1(
717             long userId, String actionId, long resourceId,
718             List<Permission> permissions, List<Group> groups, long groupId,
719             StopWatch stopWatch, int block)
720         throws SystemException {
721 
722         // Is the user connected to one of the permissions via group or
723         // organization roles?
724 
725         if (groups.size() > 0) {
726             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
727                 return true;
728             }
729         }
730 
731         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
732 
733         // Is the user associated with groups or organizations that are directly
734         // connected to one of the permissions?
735 
736         if (groups.size() > 0) {
737             if (permissionFinder.countByGroupsPermissions(
738                     permissions, groups) > 0) {
739 
740                 return true;
741             }
742         }
743 
744         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
745 
746         // Is the user connected to one of the permissions via user roles?
747 
748         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
749             return true;
750         }
751 
752         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
753 
754         // Is the user connected to one of the permissions via user group roles?
755 
756         if (permissionFinder.countByUserGroupRole(
757                 permissions, userId, groupId) > 0) {
758 
759             return true;
760         }
761 
762         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
763 
764         // Is the user directly connected to one of the permissions?
765 
766         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
767             return true;
768         }
769 
770         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
771 
772         return false;
773     }
774 
775     protected boolean hasUserPermissions_2(
776             long userId, String actionId, long resourceId,
777             List<Permission> permissions, List<Group> groups, long groupId,
778             StopWatch stopWatch, int block)
779         throws SystemException {
780 
781         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
782         // countByUserGroupRole, and countByUsersPermissions in one method
783 
784         if (permissionFinder.containsPermissions_2(
785                 permissions, userId, groups, groupId)) {
786 
787             return true;
788         }
789 
790         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
791 
792         return false;
793     }
794 
795     protected boolean hasUserPermissions_3(
796             long userId, String actionId, long resourceId,
797             List<Permission> permissions, List<Group> groups, List<Role> roles,
798             StopWatch stopWatch, int block)
799         throws SystemException {
800 
801         // Is the user associated with groups or organizations that are directly
802         // connected to one of the permissions?
803 
804         if (groups.size() > 0) {
805             if (permissionFinder.countByGroupsPermissions(
806                     permissions, groups) > 0) {
807 
808                 return true;
809             }
810         }
811 
812         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
813 
814         // Is the user associated with a role that is directly connected to one
815         // of the permissions?
816 
817         if (roles.size() > 0) {
818             if (permissionFinder.countByRolesPermissions(
819                     permissions, roles) > 0) {
820 
821                 return true;
822             }
823         }
824 
825         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
826 
827         // Is the user directly connected to one of the permissions?
828 
829         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
830             return true;
831         }
832 
833         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
834 
835         return false;
836     }
837 
838     protected boolean hasUserPermissions_4(
839             long userId, String actionId, long resourceId,
840             List<Permission> permissions, List<Group> groups, List<Role> roles,
841             StopWatch stopWatch, int block)
842         throws SystemException {
843 
844         // Call countByGroupsPermissions, countByRolesPermissions, and
845         // countByUsersPermissions in one method
846 
847         if (permissionFinder.containsPermissions_4(
848                 permissions, userId, groups, roles)) {
849 
850             return true;
851         }
852 
853         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
854 
855         return false;
856     }
857 
858     protected boolean hasUserPermissions_5(
859             long userId, String actionId, long resourceId,
860             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
861             int block)
862         throws SystemException {
863 
864         if (roles.size() > 0) {
865             if (permissionFinder.countByRolesPermissions(
866                     permissions, roles) > 0) {
867 
868                 return true;
869             }
870         }
871 
872         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
873 
874         return false;
875     }
876 
877     protected void logHasUserPermissions(
878         long userId, String actionId, long resourceId, StopWatch stopWatch,
879         int block) {
880 
881         if (!_log.isDebugEnabled()) {
882             return;
883         }
884 
885         _log.debug(
886             "Checking user permissions block " + block + " for " + userId +
887                 " " + actionId + " " + resourceId + " takes " +
888                     stopWatch.getTime() + " ms");
889     }
890 
891     private static Log _log =
892         LogFactory.getLog(PermissionLocalServiceImpl.class);
893 
894 }